“The GDPR is not the end of the conversation, it is the beginning”
As an education coordinator at Tilburg University, Simone Pardoel liaises between the student and the university. It is a position in which she frequently has to deal with matters of online security and privacy. As an education coordinator, she interacts with students a lot. What data do you record and what can you share with other people? How do you keep your nose clean and comply with all the GDPR’s regulations? Simone explains how she goes about it.
Simone works as an education coordinator at TSB, the Tilburg School of Social and Behavioral Sciences, where she has an advisory, signaling, and informational role for students, for example, relating to the programs and to matters across departments. “Students come knocking on my door with a great variety of matters,” Simone states, “ranging from questions about minors or grades to disabilities or special circumstances over which students have no control.”
“For instance, in the event of study delay,” Simone explains, “it is up to the education coordinators, in consultation with the student, to determine to what extent we should share the relevant information to apply for exceptions or special positions. Interviews with us are always confidential so it is quite a challenge sometimes.”
“We are often in a quandary with such an application for an exception,” Simone admits. “When the Examining Board asks our advice, for instance, we would like to tell the whole story to make the situation as clear to them as possible. But simultaneously, we need to respect the student’s privacy. The students who come to us with their problems are vulnerable and we want to protect them.”
Controlling your own privacy
“We try and strike a balance for every situation,” Simone explains. “And we literally ask the student: what do you want me to share about this? It is even better if students themselves share the necessary information with the relevant person or board. In that case, they decide what information they do or do not share and have more control over their own privacy.”
We would like to tell the whole story to make the situation as clear as possible. But simultaneously, we need to respect the student’s privacy.
The GDPR: The pink elephant
Another challenge that Simone and her education coordinator colleagues regularly face is the EU’s General Data Protection Regulation (GDPR). What data from those interviews with students do you record in students’ files? When does the importance of potentially violating privacy outweigh the importance of protecting it?
“At the university, we have a privacy statement but I found it difficult to apply it in practice. How do you properly record information in student files? So we took those questions to Tilburg University’s Privacy Officer and GDPR Policy Officer. Because a lot was unclear to my colleagues as well.”
Continue the dialogue
This resulted in an informative meeting with all TSB’s education coordinators and the secretaries of the Examining Board. The most important message: the GDPR is not the end of the conversation, it is the beginning. “Little details, to share or not to share certain information, can have major implications for the student. It can make the difference between getting an extra resit or not. To that end, we make students aware of the fact that they can build their own evidence file. We explain how they can do so most effectively. Then they keep control over and responsibility for their privacy.”
We make students aware of the fact that they can build their own evidence file and how they can do so most effectively. Then they keep control over and responsibility for their privacy.
Working together for a safe working and studying environment
It is Simone’s experience that much attention is paid to privacy and security at Tilburg University, and a lot of work goes into that on many levels. “Not only do we handle student data consciously and carefully ourselves, we also make students aware of what they can do themselves. The importance of privacy, why they should or should not share their personal circumstances with, for instance, an internship company or the Examining Board, is sometimes rather theoretical for them. So we try to guide them as best we can.”
Online privacy and security – Simone’s three tips
- Always be aware of what you share, with whom and for what purpose, ranging from a photo posted on social media to a statement in an e-mail or a question for ChatGPT.
- Continue the dialogue. How do other people handle online privacy and security and what can you learn from each other?
- Is your work subject to the rules of the GDPR? Do not see it as an obstacle but have an eye for the possibilities. Stop to think how the GDPR can help you create a safe working and studying environment.
Handling personal and other data with care is something we do together... Be your own hero!
By: Hilde Gilissen
Photos: Simone Michielsen